class LoginController < ApplicationController
  before_filter :authorize, :except =>:login
  layout "admin"
  
  def add_user
    if(params[:user] != nil)
      @user = User.new(params[:user])
    	if request.post? and @user.save
    		flash[:notice] = "User #{@user.name} created"
            @user = User.new
      end
    end
  end
  
  def login
    session[:user_id] = nil
    if request.post?
      user = User.authenticate(params[:name], params[:password])
      if user
        session[:user_id] = user.id
        redirect_to(:controller=>"admin", :action => "list")
      else
        logger.info "missing"
        flash[:notice] = "Invalid user/password combination"
      end
    end
  end
  
  def delete_user
    id = params[:id]
    if id && user = User.find(id)
      begin
        user.destroy
        flash[:notice] = "User #{user.name} deleted"
      rescue Exception => e
        flash[:notice] = e.message
      end
    end
    redirect_to(:action => :list_users)
  end

  def list_users
    @users = User.find(:all)
  end

  def logout
      session[:user_id] = nil
      flash[:notice] = "Logged out"
      redirect_to(:action => "login")
  end

end